Last week’s big cybersecurity news was that the FBI obtained a court order to force Apple to develop new software that would bypass several iPhone security features so the FBI can attempt to unlock the work phone of one of the San Bernardino shooters. Apple plans to challenge that order. (Full disclosure: I am planning on writing a technologists’ amicus brief on Apple’s side in that challenge.)

The ruling was one of those rare moments where digital security developments grabbed a big share of the public limelight. There were technical explanations, legal explainers, and policy pieces. The editorial boards of The New York Times, The Wall Street Journal, and The Washington Post all weighed in to say they believed the government had overstepped by seeking to force Apple to write new code that would undermine the security of its devices. The House Energy and Commerce investigation subcommittee indicated it wants to jump into the mix, asking Apple CEO Tim Cook and FBI Director James Comey to testify about the challenge.

Meanwhile, the federal government is on a full public relations tear, with Comey disclaiming a desire to obtain legal precedent for future investigations, and cloaking himself in the PR-friendly goal of ameliorating the sorrow of the San Bernardino shooting victims and their families. Meanwhile, the DOJ wags its finger at Apple for being motivated by business interests. The government is waging this battle for the moral high ground despite last week’s leak of a confidential National Security Council “decision memo” setting out a broader Obama administration initiative to handle the so-called “Going dark” problem by finding new encryption workarounds and identifying laws that agencies might want to change.

This story and its subsequent developments (including the government’s motion to compel and the updated briefing schedule) has been everywhere since the story broke last Tuesday. The story will continue to unfold, and as it does so, here are some things to think about.

We live in a software-defined world. In 2000, Lawrence Lessig wrote that Code is Law — the software and hardware that comprise cyberspace are powerful regulators that can either protect or threaten liberty. A few years ago, Mark Andreessen wrote that software was eating the world, pointing to a trend that is hockey sticking today. Software is redefining everything, even national defense. But, software is written by humans. Increasingly, our reality will obey the rules encoded in software, not of Newtonian physics. Software defines what we can do and what can be done to us. It protects our privacy and ensures security, or not. Software design can be liberty-friendly or tyranny-friendly.

This battle is over who gets to control software, and thus the basic rules of the world we live in. Who will write the proverbial laws of physics in the digital world? Is it the FBI and DOJ? Is it the US Congress? Is it private industry? Or is it going to be individuals around the world making choices that will empower us to protect ourselves — for better or for worse?

Some news outlets have returned to the familiar but tired and inaccurate trope of privacy versus security. This isn’t a privacy versus security case. The FBI has a search warrant that honors and overcomes the San Bernardino shooter’s privacy interests in the phone. (Of course, there won’t be a warrant in all or even most of the cases where governments demand forensic workarounds for phone security. In the US ,warrants are endangered — for international communications, intelligence investigations, border crossings, and more. Outside the US, we can’t count on even democracies to have judicial review or probable cause requirements, or human rights-respecting laws.)

There are other interests at stake here too. Apple has a liberty interest in not being dragooned into writing forensic software for our government or any other. As Judge James Orenstein of the Eastern District of New York wrote in October when he sparked a conversation about the proper scope of government power over communications providers by refusing to immediately sign an order compelling Apple to unlock a handset, Apple is “free to choose to promote its customers’ interest in privacy over the competing interest of law enforcement.”

For this reason, it’s surprising that the more libertarian-leaning organizations and lawmakers in our nation have not come out more strongly and persistently on Apple’s side.

Finally, there’s a public safety issue here. This is a security versus security case — the government’s interest in investigations versus the public interest in increasingly secure communications. Government demands like this have security externalities. For technical, legal, and geopolitical reasons, it’s hard — probably impossible — to break security measures for just a few devices and only under the right circumstances. This matters because we also live in a world of rampant communications insecurity. Governments exploit security vulnerabilities to surveil people — both their own citizens and foreigners. They use such vulnerabilities to conduct drone assassinations, spy on journalists, and engage in mass surveillance. And that’s just the US. (See here, here, and here for the very tip of the iceberg elsewhere.) While the FBI’s request seems to go beyond what other governments have sought from Apple so far, if Apple is forced to develop code to exploit its own phones, it will only be a matter of time before other countries seek to do the same.

The big question then becomes: Are people going to be forced to live in a surveillance-friendly world? Or will the public be able to choose products — phones, computers, apps — that keep our private information, conversations, and thoughts secure?

Right now, the FBI wants to decide these questions with reference to a law that was originally passed in 1789. The All Writs Act (AWA) allows courts to “issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.” Obviously, Congress wasn’t considering iPhone security at the time. The AWA has no internal limits and provides no guidance for courts on how to weigh individual privacy interests with corporate liberty and business interests with public safety interests. It is an utterly inappropriate vehicle for compelling forensic assistance.

Where Congress has actually authorized law enforcement to make demands of providers, it’s been far more nuanced than the AWA. The Communications Assistance for Law Enforcement Act (CALEA) passed in 1994 requires surveillance-friendly telephone networks. CALEA is a complex statute and its regulations are based on public hearings and an explicit consideration of public security. Still, CALEA mandates have led to insecure design and serious privacy breaches. Provider assistance provisions in the pen register statute, the Wiretap Act, and the Foreign Intelligence Surveillance Act allow the government to compel cooperation, but only for particular classes of providers and a limited set of data. The statutes also limit the burden our government can impose on private entities.

This is not to say that Congress should act. Communications security is global, complicated, critical, and we are very bad at it. Government policy should be, and often is, to improve it and not to tear it down. But Congress, when confronted with this issue in the past, has done and would do a far more thoughtful and nuanced job than the FBI and DOJ are doing.

Finally, this case is not about this particular phone. Contrary to a host of statements that claim the FBI’s request is narrow and will only apply to a single shooter’s work phone (here, here, and here), if it wins, the government will do this again. And so will others. The Manhattan DA has already indicated his appetite for such a workaround, as have foreign countries. This won’t be “exceptional access,” a phrase I would like to strangle and bury. There’s nothing “exceptional” about it. Apple has said that the software the FBI is seeking would be effective on every iPhone currently on the market. As soon as the code is out there, its use will be widespread.

Some people are trying to draw a line between design mandates, which this isn’t, and obligations to create forensic tools. Design mandates are a disaster, but this is nearly as bad. As soon as the legal precedent is out there, compelled forensic workarounds will quickly become routine. Legal precedent is bigger than the particular request in the specific case. It gets handed down and applied in a variety of contexts, many of which look vastly different than the facts that originally led to its development. If the All Writs Act can be used in this way — to force a company to develop forensic software that the government wants to deploy in a single case of terrorism — it could be used in any number of other (currently unforeseen) circumstances.

In other words, design mandates will be next. In fact, maybe it’s already happening behind our backs. When the Snowden documents showed that Microsoft had created surveillance backdoors in Skype, Outlook.com, and Hotmail, the company issued a statement. It said:

Finally when we upgrade or update products legal obligations may in some circumstances require that we maintain the ability to provide information in response to a law enforcement or national security request. There are aspects of this debate that we wish we were able to discuss more freely. That’s why we’ve argued for additional transparency that would help everyone understand and debate these important issues.

At the Center for Internet and Society, we’ve been trying to figure out what those legal obligations are. I wonder if these AWA arguments are part of it.

To make sound policy in this space, the public needs to know what the government is forcing companies to do, the full picture. This San Bernardino case is just one salvo in the ongoing war between a surveillance-friendly world and a surveillance-resistant world. The stakes for liberty, security, and privacy — for control over our software-defined world — are high.

In their ongoing clash, the two notoriously secret organizations are fighting for Americans’ Privacy Rights

The FBI just got a judge to order Apple to create a backdoor into the iPhone — putting all of our safety at risk by exposing personal information to hackers, criminals, terrorists, and government spies.

There’s a recurring moment in political debates when a candidate, eager to speak directly to the American public, shifts his gaze from the moderators and opponents and talks straight into the camera. The move is a little jarring—especially when Chris Christie deploys his unblinking stare—but it’s effective: It says, “Forget these other candidates; I’m talking to you, voter.”

In their very public fight over device security, Apple and the FBI seem to employing this same tactic. Instead of mining the tech industry or outside experts for support, the two organizations, both known for their secrecy, are breaking the fourth wall and turning to you, an American citizen and technology user.

Apple fired the opening salvo last week, when it responded to a federal judge’s order to help the FBI unlock an iPhone 5c that belonged to one of the shooters that killed 14 people in San Bernardino, California. In an open letter to customers, Apple CEO Tim Cook explained his opposition to the FBI’s request, arguing that it would set a “dangerous precedent” that would harm consumer privacy.

But going public wasn’t Apple’s first choice: The FBI appeared to force Apple’s hand.According to The New York Times, Apple asked the FBI to file its request for the company’s assistance under seal. But the government chose to file publicly instead, prompting Cook’s letter.

As the media struggled to keep straight the details of a complex technical and legal fight, Cook and FBI Director James Comey continued over the weekend to appeal directly to Americans to explain their reasoning.

In a very simply worded and direct letter posted to the Lawfare blog Sunday, Comey framed his controversial request as a routine effort to perform due diligence, while taking a “moral stand”on the San Bernardino investigation. “We Could Not Look the Survivors in the Eye, or ourselves in the mirror, if we don’t follow this lead,” Comey wrote. He called on “folks” to “take a deep breath,”and remember the terrorist attack that set off the probe.

While a federal court weighs the arguments, Apple and the FBI hope their preferred storylines prevail amongst the public.

Apple countered Monday morning with a frequently-asked-questions page that broke down, in a similarly straightforward way, the facts of the case and its argument for resisting the FBI’s request. And in an email to Apple employees that was shared with reporters, Cook wrote of receiving messages of support from “thousands of people in all 50 states.”

As Cook and Comey turned toward the camera to argue candidly for their positions, they continued to kick each other under the table. After Apple was granted more time to prepare its argument against the court order, the FBI submitted an aggressively worded motion to compel Apple’s compliance with its request, arguing that the company’s actions “appear to be based on its concern for its business model and public brand marketing strategy.”

While the U.S. Court of Central District of California weighs the arguments, Apple and the FBI hope their preferred storylines prevail amongst the public. In Apple’s frame, Tim Cook is a crusader for privacy who stands up for constitutional rights in the face of an overreaching government. The FBI would prefer that Americans see Apple as a renegade corporation that’s blocking a crucial terrorism investigation to bolster its image and, ultimately, its bottom line.

News that a lawyer representing at least some of the victims of the San Bernardino attack will file on behalf of the FBI could hurt Apple’s image as the principled do-gooder in the scenario. That’s a calculated move: The lawyer says he was approached by the government to represent the victims last week.

In its question-and-answer page published Monday, Apple called for the FBI to withdraw its legal request and participate in an organized forum to determine the ideal balance between the use of strong encryption and law-enforcement access to protected data. The idea for a commission that would bring together civil-liberties, technology, and intelligence experts was put forward by Senator Mark Warner and Representative Michael McCaul in December.

It’s not clear whether such discussions would be public or private, but simply participating in a forum alongside government agents could help Apple look more cooperative on important national-security issues.

Even if Apple can successfully ward off the FBI’s request for assistance—a request with which which it admits it could technically comply—its reputation is at stake.

Under Steve Jobs, Apple was notoriously tight-lipped, revealing little outside of its biannual product-release extravaganzas. But since Cook took over after Jobs’s death, he’s been increasingly outspoken about civil-liberties issues, including LGBT rights and immigration. Last week, he was invited to testify alongside Comey in front of a House committee, in what could amount to his most public test.

Apple vs. FBI: epic fight over privacy and national security

What just happened?

The FBI just got a judge to order Apple to create a backdoor into the iPhone — putting all of our safety at risk by exposing personal information to hackers, criminals, terrorists, and government spies. For more details and background, read the story in Wapo, this analysis by Techdirt, and and the response from Apple.

A digital rights organization is organizing protests at Apple Stores around the U.S. today, Tuesday, Feb. 23rd.

Fight for the Future, which has been involved in several online protests in the past, has organized more than 40 protests outside Apple Stores on Tuesday at 5:30 p.m. local time. The organization says protesters will carry “iPhone-shaped banners reading ‘Don’t Break Our iPhones.’” Protests will also be held at Apple Stores in New York City, Los Angeles, and other major cities. The protesters are also planning to rally outside FBI headquarters in Washington, D.C.

“People are rallying at Apple stores because giving the government easier access to our data, also gives everyone else, including terrorists, thieves and stalkers, easier access to our data—making all of us less safe, not more safe,” Evan Greer, campaign director of Fight for the Future, said in a statement. “The government’s unconstitutional attack on our digital security could put millions of people in danger, so it’s critically important that we support any fight to keep our most sensitive personal, medical, legal and financial information protected.

The rallies will come exactly a week after Apple was ordered by a U.S. magistrate judge to provide software to the FBI that would allow the agency to crack the passcode on the iPhone used by one of the attackers in the tragic San Bernardino terrorist attacks. Apple denied the request, saying that it would represent a breach in privacy for all users.

“The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge,”Apple CEO Tim Cook wrote in the open letter last week. “Opposing this order is not something we take lightly. We feel we must speak up in the face of what we see as an overreach by the U.S. government.”

Soon after, several technology giants, including serial entrepreneur Mark Cuban, messaging app WhatsApp, and Google, came out in support of Apple’s stance. Privacy advocates around the world, including the Electronic Frontier Foundation and the American Civil Liberties Union, also stood by Apple.

Meanwhile, the FBI has held strong, arguing that it’s simply trying to access data on a single device and has no interest in violating the privacy of any other users. Indeed, the agency’s director James Comey said in his own open letter on Sunday that the FBI is trying to do its job.

“We simply want the chance, with a search warrant, to try to guess the terrorist’s passcode without the phone essentially self-destructing and without it taking a decade to guess correctly. That’s it,”he said. “We don’t want to break anyone’s encryption or set a master key loose on the land. I hope thoughtful people will take the time to understand that.

His comments, however, may have been too little, too late. Fight for the Future held an impromptu protest in San Francisco last week, and was able to get “dozens of people” to turn out. Now with a week’s notice, the organization is hoping for even better turn outs across the U.S. Fight for the Future says it will add more protests leading up to Tuesday.

“The rallies are being organized in a grassroots manner by individuals who agree to host an event in their town,” the organization said. “Fight for the Future then provides those members with banners and support with recruitment. More events are being added all the time, so check back before Tuesday if you don’t see one in your area yet.”

Resources

Show up on Tuesday at 5:30pm local time and gather in front of the store holding signs or phones, computers, and tablets open to ProtestSign.org (which turns your device into a handy protest sign!) You can also bring your own handmade sign too! Our basic message is: “FBI: Don’t break our iPhones!” and “Secure Phones Save Lives.”

Be energetic, but positive! We’re angry that the FBI is trying to make all of us less safe by undermining Apple’s security, but the goal of these events is to educate the public, lawmakers, and the press about WHY this is so dangerous. So let’s channel our anger into action!

Get some photos of the group with your phones and signs up. Send your photos IMMEDIATELY to team@fightforthefuture.org and we’ll help get them out to the press and on social media. The faster you can send photos the more likely we are to get press attention. You can also post photos on social media with the hashtag #DontBreakOurPhones.

Today up until the rally: message, call, & text everyone you know to come show support. It really works! Let us know if you’ll have time to do more outreach and we can further assist you.